Human-in-the-Loop: When Agents Should Ask for Help (2026)
Human-in-the-loop means the agent pauses and requests human input at defined checkpoints — before irreversible actions, when confidence is low, or when risk exceeds a threshold. The key design challenge is calibrating interruption frequency: too many pauses destroy the automation value; too few allow costly mistakes. The rule: interrupt before irreversible high-impact actions, automate reversible or low-impact ones.
When to Use
- ✓ Before irreversible actions: sending emails, deleting data, making payments, publishing content
- ✓ When the agent's confidence score falls below a threshold (e.g., entity match confidence < 0.85)
- ✓ For novel situations outside the agent's training distribution — detect via uncertainty signals
- ✓ Compliance-required workflows where human sign-off is legally mandated
- ✓ During initial deployment, when you're still calibrating the agent's error rate before trusting autonomous operation
How It Works
1. Classify actions by reversibility and impact: reversible/low-impact (read, search, draft) = automate; reversible/high-impact (send draft for review) = optional confirmation; irreversible/any-impact (send final email, delete record, payment) = require confirmation.
2. Implement an interruption point as a special tool call: ask_human(question, context, options). The agent calls this tool when it needs input; execution pauses until the human responds.
3. For async workflows, queue the HITL request and notify the human via email/Slack. The agent state is serialized and resumed when the human responds. This requires durable execution infrastructure (Temporal, AWS Step Functions).
4. Show the human meaningful context — don't just ask 'Confirm action?'. Show: what action will be taken, why the agent decided this, what happens if the human says no, and what input is needed.
5. Track HITL interruptions over time. If a particular decision point triggers human review more than 5% of the time, it's a candidate for retraining or better prompt design. If it triggers less than 0.1%, consider removing the gate.
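Step 1's reversibility/impact classification can be expressed as a small lookup plus a gating predicate. This is a minimal sketch: the `ACTION_RISK` registry and the tool names in it are hypothetical, and a real system would load them from configuration.

```python
from enum import Enum

class Reversibility(Enum):
    REVERSIBLE = "reversible"
    IRREVERSIBLE = "irreversible"

class Impact(Enum):
    LOW = "low"
    HIGH = "high"

# Hypothetical registry mapping tool names to (reversibility, impact).
ACTION_RISK = {
    "search_docs": (Reversibility.REVERSIBLE, Impact.LOW),
    "draft_email": (Reversibility.REVERSIBLE, Impact.LOW),
    "send_email": (Reversibility.IRREVERSIBLE, Impact.HIGH),
    "delete_record": (Reversibility.IRREVERSIBLE, Impact.HIGH),
}

def requires_approval(action: str) -> bool:
    """Irreversible actions always require confirmation; reversible/low-impact
    actions run autonomously. Reversible/high-impact is gated here too, matching
    the 'optional confirmation' tier in the classification above."""
    reversibility, impact = ACTION_RISK[action]
    if reversibility is Reversibility.IRREVERSIBLE:
        return True
    return impact is Impact.HIGH
```

Keeping the classification in data rather than scattered `if` statements makes it easy to audit which actions bypass review.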
Examples

```python
from anthropic import Anthropic

client = Anthropic()

tools = [
    {
        'name': 'send_email',
        'description': 'Send an email. ALWAYS call request_human_approval first for email sends.',
        'input_schema': {'type': 'object', 'properties': {'to': {'type': 'string'}, 'subject': {'type': 'string'}, 'body': {'type': 'string'}}, 'required': ['to', 'subject', 'body']},
    },
    {
        'name': 'request_human_approval',
        'description': 'Request human approval before performing a sensitive action. Call this before send_email, delete operations, and payments.',
        'input_schema': {'type': 'object', 'properties': {'action_description': {'type': 'string'}, 'action_details': {'type': 'object'}}, 'required': ['action_description', 'action_details']},
    },
]
# The model will call request_human_approval before send_email.
```

Confidence-based escalation pairs with the tool-level gate above:

```python
def process_with_hitl(task: str, confidence_threshold: float = 0.85):
    result = agent.run(task)  # `agent` is assumed to expose a confidence score on its results
    if result.confidence < confidence_threshold:
        # Agent is unsure — escalate to a human reviewer
        return {
            'status': 'needs_review',
            'draft': result.output,
            'confidence': result.confidence,
            'uncertain_aspects': result.low_confidence_parts,
            'reviewer_url': create_review_task(result),
        }
    return {'status': 'complete', 'output': result.output}
```

Common Mistakes
- ✗ HITL for everything — if the agent asks for human confirmation on every step, users bypass it entirely or abandon the system. Reserve HITL for genuinely high-stakes decisions. Start with broad HITL and narrow it as you build confidence.
- ✗ Not providing enough context in HITL requests — 'Do you want to proceed?' with no context forces the human to dig through logs. Show: action, reasoning, impact, and alternatives. The human should be able to approve or reject in under 30 seconds.
- ✗ Synchronous HITL that blocks the system — for async workflows, HITL requests should not block other work. Queue the request, serialize agent state, and resume when the human responds. Synchronous HITL that blocks a thread is a scalability problem.
- ✗ No timeout handling for HITL requests — if the human doesn't respond in 24 hours, the agent should either escalate or take a safe default action. Undefined timeouts cause agent tasks to hang indefinitely.
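The timeout mistake in particular is cheap to avoid. Here is a hedged sketch of a deadline-bounded wait: `fetch_response` is a hypothetical callback that returns the human's decision or `None` if none has arrived yet, and the 24-hour default mirrors the guidance above.

```python
import time

def wait_for_approval(request_id: str, fetch_response,
                      timeout_s: float = 24 * 3600,
                      poll_interval_s: float = 60.0) -> str:
    """Poll for a human decision; escalate instead of hanging forever.

    fetch_response(request_id) -> 'approved' | 'rejected' | None (hypothetical).
    """
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        decision = fetch_response(request_id)
        if decision is not None:
            return decision
        time.sleep(poll_interval_s)
    # No response within the timeout: take the safe default (do nothing) and escalate.
    return "escalated"
```

In a durable-execution setup the polling loop would be replaced by the framework's own timer, but the escalate-on-timeout branch stays the same.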
FAQ
How do I implement async HITL in production?
Use a durable execution framework: Temporal workflows, AWS Step Functions, or Inngest. The workflow pauses at the HITL step, serializes state, and stores it in a queue. A notification is sent to the human; when they respond via a webhook, the workflow resumes. This pattern scales to thousands of concurrent HITL requests.
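Framework specifics vary, but the pause/resume shape is the same everywhere. This framework-agnostic sketch uses an in-memory dict as a stand-in for the durable store; `pause_for_human` and `resume_from_webhook` are hypothetical names, and the notification step is elided.

```python
import json
import uuid

PENDING = {}  # in-memory stand-in for a durable store (Temporal/Step Functions in production)

def pause_for_human(agent_state: dict, question: str) -> str:
    """Serialize agent state and park it until a webhook delivers the human's answer."""
    request_id = str(uuid.uuid4())
    PENDING[request_id] = json.dumps({"state": agent_state, "question": question})
    # notify_human(request_id, question)  # e.g. email/Slack; out of scope here
    return request_id

def resume_from_webhook(request_id: str, human_answer: str) -> dict:
    """Webhook handler: restore the serialized state and hand it back to the workflow."""
    record = json.loads(PENDING.pop(request_id))
    state = record["state"]
    state["human_answer"] = human_answer
    return state
```

The round-trip through JSON is the point: anything the agent needs after the pause must survive serialization.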
What's the right UX for HITL review interfaces?
Key elements: (1) Show what the agent is about to do in plain language. (2) Show the agent's reasoning (collapsible). (3) Provide approve/reject/modify options. (4) Allow the reviewer to edit the action before approving. (5) Show consequences of rejection. Keep it under 3 clicks to approve.
How do I measure if HITL is working?
Track: HITL intervention rate (% of actions requiring review), approval rate (% approved without modification), modification rate (% approved with changes), rejection rate (% rejected). Target: intervention rate under 10% at steady state, approval-without-modification above 80%. High modification rate means the agent needs better training on that decision type.
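These four rates fall out of a simple tally. A minimal sketch, assuming each action is logged with one of four hypothetical outcome labels ('auto' for actions that ran without review):

```python
def hitl_metrics(decisions: list[str]) -> dict:
    """decisions: per-action outcomes — 'auto', 'approved', 'modified', or 'rejected'."""
    total = len(decisions)
    reviewed = [d for d in decisions if d != "auto"]
    n = len(reviewed)
    return {
        "intervention_rate": n / total,
        "approval_without_modification": reviewed.count("approved") / n if n else 0.0,
        "modification_rate": reviewed.count("modified") / n if n else 0.0,
        "rejection_rate": reviewed.count("rejected") / n if n else 0.0,
    }
```

For example, 90 automated actions plus 8 approvals, 1 modification, and 1 rejection gives a 10% intervention rate and 80% approval-without-modification, right at the targets stated above.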
Should HITL be enforced at the system level or the agent level?
Both. Agent-level: the model is instructed to request approval for certain actions. System-level: regardless of what the model says, the orchestration layer intercepts specific tool calls (payment, delete, external send) and enforces an approval gate. System-level enforcement is more reliable and should be the backstop.
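The system-level backstop amounts to intercepting tool calls in the orchestration layer before dispatch. A sketch under stated assumptions: `GATED_TOOLS` and the `approve` callback are hypothetical, and real execution/approval logic is stubbed out.

```python
GATED_TOOLS = {"send_email", "delete_record", "make_payment"}

def execute_tool_call(name: str, args: dict, approve) -> str:
    """Orchestration-layer gate: gated tools never execute without explicit
    approval, regardless of whether the model remembered to ask first.
    approve(name, args) -> bool is a hypothetical approval callback."""
    if name in GATED_TOOLS and not approve(name, args):
        return "blocked: awaiting human approval"
    return f"executed {name}"
```

Because the check lives outside the model, a prompt-injected or confused agent cannot skip it, which is why this layer should be the backstop rather than the instruction-level gate.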
How do I gradually reduce HITL requirements?
Shadow mode: run with HITL but also automatically complete the action, then compare the human decision to what would have happened without HITL. After 100+ clean shadow comparisons on a decision type, you have evidence to remove the HITL gate. Log all decisions for audit trails before and after removal.
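The "100+ clean shadow comparisons" criterion can be checked mechanically. A minimal sketch, assuming the shadow log for one decision type is a list of (human_decision, agent_decision) pairs; the function name is hypothetical.

```python
def ready_to_remove_gate(shadow_log: list[tuple[str, str]],
                         min_samples: int = 100) -> bool:
    """shadow_log: (human_decision, agent_decision) pairs for one decision type.
    The gate is removable only after min_samples consecutive clean agreements."""
    if len(shadow_log) < min_samples:
        return False
    return all(human == agent for human, agent in shadow_log[-min_samples:])
```

Requiring the agreements to be consecutive (the last `min_samples` entries) means a single recent disagreement resets the clock, which is the conservative reading of "clean".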